Gafgyt

Malware Profile Updated 24 days ago
Download STIX
Preview STIX
Gafgyt, also known as Bashlite, is a form of malware that infects Linux architecture operating systems to launch Distributed Denial of Service (DDoS) attacks. The malware infiltrates systems through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. A variant of the Gafgyt bot exploits vulnerabilities in systems to expand DDoS attacks on Linux-based systems. By downloading and executing malicious scripts, this Gafgyt variant establishes connections with command-and-control servers, awaiting instructions to launch coordinated attacks on targeted victims. Researchers from Unit 42, Palo Alto Networks, and Fortinet have observed multiple attacks over the past month focused on exploiting system vulnerabilities. These include attacks from popular Linux botnets such as Mirai and Gafgyt which usually generate random IP addresses as scanning destinations. In addition to these, other botnets including Moobot, Miori, the Golang-based agent "AGoent," a Gafgyt variant, and an unnamed variant of the infamous Mirai botnet have been identified as part of these attack campaigns. Threat actors are taking advantage of unpatched devices to dispatch various botnets — including Moobot, Miori, AGoent, a Gafgyt variant, and variants of the infamous Mirai botnet — that can compromise the devices for DDoS and further nefarious activity. Researchers found that the notorious Mirai and Gafgyt malware families, known for turning devices into botnets, drove the majority of attacks, constituting 66% of blocked payloads. Other commonly used malwares include ShellBot, Tsunami, ChinaZ DDoS Bot, XMRig CoinMiner, and Gafgyt.
What's your take? (Question 1 of 5)
b954ded6-6dde-4e41-8d6d-fea445e1e775 Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Mirai Botnet
3
The Mirai botnet is a malicious software (malware) that has been leveraged by threat actors to exploit vulnerabilities in internet-connected devices, creating a network of compromised systems used to launch large-scale Distributed Denial of Service (DDoS) attacks. The botnet gained notoriety when it
Bashlite
2
Bashlite, also known as Gafgyt, is a type of malware that specifically targets Linux architecture operating systems. This malicious software is designed to infiltrate your system through dubious downloads, emails, or websites and can cause significant damage without your knowledge. Once Bashlite has
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Vulnerability
Ddos
Botnet
Linux
Bot
Exploit
Denial of Se...
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
Miraiis related to
8
Mirai is a type of malware that specifically targets Internet of Things (IoT) devices to form a botnet, which is a network of compromised devices controlled by an attacker. The Mirai botnet gained significant attention in early 2022 when it accounted for over 7 million botnet detections. However, by
Gafgyt VariantUnspecified
3
The Gafgyt variant is a malicious software that poses a significant threat to computer systems and devices. This malware can infiltrate your system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the potential to steal personal information,
MoobotUnspecified
2
Moobot is a malicious software (malware) that has been active since at least 2016. It infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or even hold data for ransom once inside. The Moobot botnet includes other routers and virtu
MoziUnspecified
2
Mozi is a type of malware, a malicious software designed to exploit and damage computer systems or devices. It can infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst to the user. Once it gains access, Mozi has the potential to steal personal information, disrupt oper
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
CVE-2023-1389Unspecified
2
CVE-2023-1389 is a significant software vulnerability identified in March of this year, involving a flaw in the design or implementation of certain routers. This vulnerability specifically affects TP-Link Archer AX21 (AX1800) routers and allows for command injection, enabling unauthorized users to g
Source Document References
Information about the Gafgyt Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
Fortinet
a month ago
Botnets Continue Exploiting CVE-2023-1389 for Wide-Scale Spread | FortiGuard Labs
Fortinet
a year ago
2022 IoT Threat Review | FortiGuard Labs
Securityaffairs
9 months ago
Gafgyt botnet is targeting EoL Zyxel routers
SANS ISC
7 months ago
Routers Targeted for Gafgyt Botnet [Guest Diary] - SANS Internet Storm Center
Unit42
a year ago
IoT Under Siege: The Anatomy of the Latest Mirai Campaign Leveraging Multiple IoT Exploits
BankInfoSecurity
a month ago
Exploited TP-Link Vulnerability Spawns Botnet Threats
CERT-EU
a year ago
Cybersecurity threatscape: year 2021 in review
DARKReading
a month ago
Various Botnets Pummel Year-Old TP-Link Flaw in IoT Attacks
MITRE
a year ago
Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows
Securityaffairs
7 months ago
Who is behind the Mozi Botnet kill switch?
Unit42
a year ago
Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats
CERT-EU
a year ago
DDoS Malware Distributed Through Compromised Linux SSH Servers
CERT-EU
8 months ago
Mirai Botnet’s New Wave: hailBot,kiraiBot, catDDoS, and Their Fierce Onslaught
CERT-EU
a year ago
New Strain of Sotdas Malware Discovered | Qualys Security Blog
CERT-EU
7 months ago
IoT security threats highlight the need for zero trust principles - Help Net Security
CERT-EU
5 months ago
Attackers Targeting Poorly Managed Linux SSH Servers
MITRE
a year ago
Chaos: a Stolen Backdoor Rising Again - GoSecure
CERT-EU
a year ago
Linux Servers Hacked to Launch DDoS Attacks and Mine Monero Cryptocurrency
CERT-EU
a year ago
Hackers Attack Linux SSH Servers with Tsunami DDoS Malware
BankInfoSecurity
7 months ago
Breach Roundup: Winter Vivern Hunting For Emails